2 matches found
CVE-2026-54891
The CVE-2026-54891 entry concerns Erlang/OTP ssl (tls_gen_connection.erl), where a network-positioned attacker can inject unauthenticated plaintext during the TLS handshake. The tls_gen_connection:handle_protocol_record/3 function rejects APPLICATION_DATA in pre-handshake when acting as a server, but ...
CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl
Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tls_gen_connection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...